In a landmark ruling, the Vermont Supreme Court recently held that a patient had standing to sue both the hospital at which she was a patient and the employee who attended to her, for negligent disclosure of her personal health information to a third-party. Neither the Health Insurance Portability and Accountability Act (HIPAA) nor Vermont

Over the past thirty days, the Office for Civil Rights (OCR) has reached three HIPAA breach resolutions, signaling to organizations that are covered entities and business associates under HIPAA, the importance of instituting basic best practices for data breach prevention and response. Our colleagues in the Workplace Privacy, Data Management & Security practice group discusses